Lucene search
+L

12 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/01 4:36 p.m.9 views

CVE-2026-57516

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...

8.8CVSS6.6AI score0.00493EPSS
Exploits1References6
EUVD
EUVD
added 2026/07/01 4:36 p.m.10 views

EUVD-2026-41089

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...

8.8CVSS6.6AI score0.00493EPSS
Exploits1References5
Snyk
Snyk
added 2026/01/27 10:47 p.m.7 views

Relative Path Traversal

Overview @vltpkg/tar is an An extremely limited and very fast tar extractor Affected versions of this package are vulnerable to Relative Path Traversal via improper sanitization of file paths during the extraction process. An attacker can overwrite arbitrary files on the filesystem by crafting ta...

5.9CVSS6AI score0.0018EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/22 12:0 a.m.4 views

TencentOS Server 3: python3 (TSSA-2025:0796)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0796 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

7.5CVSS6.9AI score0.00611EPSS
Exploits0References2
OSV
OSV
added 2025/09/17 9:39 a.m.9 views

CLSA-2025-1758101956 Fix CVE(s): CVE-2025-8194

SECURITY UPDATE: defect in 'tarfile' module leads to infinite loop and deadlock in parsing of maliciously crafted tar archives - debian/patches/CVE-2025-8194.patch: Validate archives to ensure member offsets are non-negative - CVE-2025-8194...

7.5CVSS6.8AI score0.00611EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/01 12:0 a.m.8 views

Alibaba Cloud Linux 3 : 0147: python3 (ALINUX3-SA-2025:0147)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0147 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-8194: There is a defect in the CPython...

7.5CVSS6.9AI score0.00611EPSS
Exploits0References2
OSV
OSV
added 2025/08/11 3:33 p.m.3 views

BIT-LIBPYTHON-2025-8194 Tarfile infinite loop during parsing with negative member offset

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

7.5CVSS7.1AI score0.00611EPSS
Exploits0References20
OSV
OSV
added 2025/07/28 6:42 p.m.5 views

CVE-2025-8194 Tarfile infinite loop during parsing with negative member offset

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

7.5CVSS6.8AI score0.00611EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2025/07/02 6:27 a.m.4 views

cpython: python: Extraction filter bypass for linking outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...

7.5CVSS6.2AI score0.00805EPSS
Exploits2References10
RedHat Linux
RedHat Linux
added 2025/07/01 9:13 p.m.6 views

cpython: python: Bypass extraction filter to modify file metadata outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters...

5.3CVSS7.1AI score0.00637EPSS
Exploits1References11
Veracode
Veracode
added 2025/06/05 11:3 a.m.9 views

Path Traversal

Python tarfile module is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during extraction with TarFile.extractall or TarFile.extract when using the filter="data" or filter="tar" parameter, which allows an attacker to craft a malicious tar archive that...

9.4CVSS5.9AI score0.01227EPSS
Exploits11References16Affected Software2
RedhatCVE
RedhatCVE
added 2025/06/03 2:51 p.m.12 views

CVE-2024-12718

A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters. Mitigation Mitigatio...

7.6CVSS6.6AI score0.00637EPSS
Exploits1References10
Rows per page
Query Builder